win32/excryptor

Discussion in 'Gaming and Software' started by Captain_Crusty, Jul 27, 2010.


  1. Captain_Crusty

    Captain_Crusty War Hero Reviewer Book Reviewer

    AVG announced this evening that my computer had win32/excryptor (malware, it would seem, having googled it).

    It dealt with it and I deleted it from the vault. I then made sure I was fully updated on AVG and ran another full scan of the computer. This scan showed up as fully clear.

    Am I now fine? Do I need to do anything else?

    Any advice gratefully received.

    C_C
     
  2. Sounds all clear to me
     
  3. msr

    msr LE

    Double-check with this: Emsisoft Free Emergency Kit. Download it, extract it to a folder on a memory stick and run a2emergencykit.exe

    msr
     
  4. Captain_Crusty

    Captain_Crusty War Hero Reviewer Book Reviewer

    MSR - many thanks. Ran Emsisoft overnight and it came up with 3 high risks (although 2 of these appeared to be BT Connection software) - now deleted and hopefully clean!

    Now have Emsisoft on a USB stick just in case though!

    C_C
     
  5. msr

    msr LE

    Can you post a copy of the log file?

    msr
     
  6. Captain_Crusty

    Captain_Crusty War Hero Reviewer Book Reviewer

    Emsisoft Anti-Malware - Version 1.0
    Last update: 27/07/2010 22:56:14

    Scan settings:

    Scan type: Deep Scan
    Objects: Memory, Traces, Cookies, C:\, D:\
    Scan archives: Off
    Heuristics: Off
    ADS Scan: On

    Scan start: 27/07/2010 22:58:49

    Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
    Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.dl.tvunetworks.com!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.dl.tvunetworks.com!A2
    C:\HP\BIN\EndProcess.exe detected: Riskware.Win32.KillApp!A2
    C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll detected: Backdoor.Win32.IRCNite.po!A2
    C:\WINDOWS\Installer\{11F5AF48-471B-4C6F-A464-B18AA494BB2D}\bttxtico.exe detected: Gen.Trojan!IK
    C:\WINDOWS\Temp\._msige52\program files\Google\Google Earth\plugin\googleearth_free.dll detected: Backdoor.Win32.IRCNite.po!A2

    Scanned

    Files: 200476
    Traces: 394374
    Cookies: 10
    Processes: 88

    Found

    Files: 4
    Traces: 4
    Cookies: 0
    Processes: 0
    Registry keys: 0
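The scan report above is plain text with one detection per line, so it lends itself to a small triage script. The following is an added example, not code from the thread or from Emsisoft: it parses the detection lines into records, reconciles the parsed counts against the scanner's own "Found" totals (Files: 4, Traces: 4), and separates a vendor-confirmed false positive from the hits still needing review, using the Google Earth plugin DLL hit that msr reports as a false positive later in the thread. The sample input is an abridged copy of the log posted above; the function names, the suppression-list format and the splitting of each signature at "!" into a family name and an engine tag are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample input: an abridged copy of the Emsisoft Emergency Kit
# log posted above (header and totals kept so the parser has to skip them).
SAMPLE_LOG = r"""Emsisoft Anti-Malware - Version 1.0
Last update: 27/07/2010 22:56:14

Scan start: 27/07/2010 22:58:49

Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.dl.tvunetworks.com!A2
C:\HP\BIN\EndProcess.exe detected: Riskware.Win32.KillApp!A2
C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll detected: Backdoor.Win32.IRCNite.po!A2
C:\WINDOWS\Installer\{11F5AF48-471B-4C6F-A464-B18AA494BB2D}\bttxtico.exe detected: Gen.Trojan!IK
C:\WINDOWS\Temp\._msige52\program files\Google\Google Earth\plugin\googleearth_free.dll detected: Backdoor.Win32.IRCNite.po!A2

Scanned

Files: 200476

Found

Files: 4
Traces: 4
Cookies: 0
Processes: 0
Registry keys: 0
"""

# One detection per line: "<object> detected: <signature>"; registry hits
# wrap the object as "Value: <key> --> <value name>".
DETECTION_RE = re.compile(r"^(?P<obj>.+?) detected: (?P<sig>\S+)\s*$")
REGISTRY_RE = re.compile(r"^Value: (?P<key>.+?) --> (?P<value>.+)$")


def parse_detections(log_text):
    """Turn detection lines into records; every other line is skipped."""
    detections = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        obj, sig = m.group("obj"), m.group("sig")
        # Assumption of this example: text after '!' is an engine tag (A2/IK here).
        family, _, engine = sig.partition("!")
        rec = {"signature": sig, "family": family, "engine": engine}
        r = REGISTRY_RE.match(obj)
        if r:
            rec.update(kind="registry", location=r.group("key"), value=r.group("value"))
        else:
            rec.update(kind="file", location=obj, value=None)
        detections.append(rec)
    return detections


def found_totals(log_text):
    """Read the scanner's own 'Found' counts (the 'Scanned' block is ignored)."""
    totals, in_found = {}, False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Found":
            in_found = True
        elif in_found:
            m = re.match(r"^([A-Za-z ]+): (\d+)$", line)
            if m:
                totals[m.group(1)] = int(m.group(2))
    return totals


def reconcile(log_text):
    """True when parsed records match the scanner's totals; in this log the
    registry value hits are counted under 'Traces', files under 'Files'."""
    kinds = Counter(d["kind"] for d in parse_detections(log_text))
    totals = found_totals(log_text)
    return kinds["file"] == totals.get("Files") and kinds["registry"] == totals.get("Traces")


def triage(detections, suppress):
    """Split records into (actionable, suppressed). `suppress` holds
    (signature, path fragment) pairs; both must match, so the same
    signature on another path is still reported."""
    actionable, suppressed = [], []
    for d in detections:
        hit = any(d["signature"] == sig and frag.lower() in d["location"].lower()
                  for sig, frag in suppress)
        (suppressed if hit else actionable).append(d)
    return actionable, suppressed


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    # Constructed from the thread: the Google Earth plugin hit msr calls a false positive.
    fp = {("Backdoor.Win32.IRCNite.po!A2", "googleearth_free.dll")}
    for tag, group in zip(("REVIEW", "FP"), triage(dets, fp)):
        for d in group:
            print(tag, d["kind"], d["signature"], d["location"])
```

Run as a script it prints six REVIEW lines (the four tvunetworks registry traces, EndProcess.exe and bttxtico.exe) and two FP lines for the two copies of googleearth_free.dll. Keying the suppression on both signature and path keeps the suppression narrow: the same IRCNite signature firing on a file outside the Google Earth plugin folder would still be reported for review.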
     
  7. msr

    msr LE

    This one is a false positive: C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll detected: Backdoor.Win32.IRCNite.po!A2

    I have let them know and it should be fixed in a future update.

    msr
     
  8. Captain_Crusty

    Captain_Crusty War Hero Reviewer Book Reviewer

    MSR - many thanks.

    Have now rerun Emsisoft and it's showing clean so fingers crossed!

    Will make a donation to Hols4Heroes...

    C_C